A content management system may organize content items in a nested namespace structure (“NNS”), where each content item belongs to at least one namespace, a namespace can be directly nested within another namespace (“parent namespace” of the namespace hereinafter), and a content item that belongs to a namespace also belongs to the parent namespace.
Each namespace can be associated with a group of users. The membership of a user in a group associated with a namespace can be inherited from a parent namespace or set directly. When a user is added to or removed from a group associated with a namespace, the membership change can by default be propagated to any namespace nested directly or indirectly in the namespace (“descendant namespace” of the namespace hereinafter).
For each user, a namespace can be associated with access permissions that apply to all content items that belong to the namespace. Each access permission can have a level, such as “read” or “write”, which relates to how content items in the namespace can be accessed. Similar to a user group membership, each access permission can also have a type, such as “inherited” where the level of the access permission is inherited from the parent namespace, or “direct” where the level of the access permission is set directly. When the access permission level associated with a namespace changes for a user, which can result from a change in the membership of the user in a group associated with the namespace, the access permission change can by default be propagated to every descendant namespace through the inherited type.
The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.